Abstract

This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly developed artifact addresses an important limitation identified in today's incident response practice: the lack of sufficient context in actionable security information disseminated to constituent organizations. ST-SIEM tackles this limitation by considering the socio-technical aspect of information systems security. This concept is achieved by correlating the technical metrics of security warnings (which are generic in nature, and the sources of which are sometimes unknown) with predefined social security metrics (used for modeling the security culture of constituent organizations). ST-SIEM, accordingly, adapts the risk factor of the triggered security warning based on each constituent organization's security culture. Moreover, the artifact features several socio-technical taxonomies with an impact factor to support organizations in classifying, reporting, and escalating actionable security information. The overall project uses design science research as a framework to develop the artifact.

Article Preview

Security Incident Response

Security incident response is concerned with preparedness for, identification and containment of, and recovery from security incidents. Developing an information systems security incident response capability is hardly optional for organizations. Without an effective incident response capability, organizations are simply risking their entire business. According to NTT Security's (2016) Risk Value Report, one security breach can cost an organization a financial loss of up to USD 10 million and priceless reputational damage, which might be impossible to recover from.

Today, to provide security incident response functionality, organizations typically rely on either internal or external security incident response organizations called Computer Security Incident Response Teams (CSIRTs). These organizations function under different categories, depending on their scope of work and the constituents they support (West-Brown et al., 2003). To mount an effective security incident response, CSIRTs need to provide timely and reliable information about existing security threats and incidents. Timely incident response is a requirement critical to enabling organizations to quickly respond to potential threats. Reliable information is required to ensure organizations’ staff stay focused on the existing threat risk and avoid confusion and distraction.